-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 09 Dec 2025 22:14:26 +0100 Source: libsndfile Architecture: source Version: 1.0.31-2+deb11u2 Distribution: bullseye-security Urgency: medium Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org> Changed-By: Bastien Roucariès <rouca@debian.org> Closes: 1014713 Changes: libsndfile (1.0.31-2+deb11u2) bullseye-security; urgency=medium . * Non-maintainer upload by the LTS Security Team. * Fix CVE-2021-4156 (Closes: #1014713) An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws. Checksums-Sha1: 049ae27692fc392cf9318cc073b65cab87f7b2b6 2328 libsndfile_1.0.31-2+deb11u2.dsc 4ada136ae38b08a7f17160f44ca9f0d85d53da50 662584 libsndfile_1.0.31.orig.tar.gz 630a8aec22f95033004d05ad5a79c893b1b7d64d 17884 libsndfile_1.0.31-2+deb11u2.debian.tar.xz 76f8f821e4232d277745472d8fb29b31f5eb791d 6008 libsndfile_1.0.31-2+deb11u2_source.buildinfo Checksums-Sha256: 5012394d730083c2e48ee8f4118f674e4d9e3326b1d969aa4a14096981f73835 2328 libsndfile_1.0.31-2+deb11u2.dsc 8cdee0acb06bb0a3c1a6ca524575643df8b1f3a55a0893b4dd9f829d08263785 662584 libsndfile_1.0.31.orig.tar.gz e8cac1fb3cb461cc1ef9c7f85faf8a865fd81c8c1e574964e28c3ff7f3815f80 17884 libsndfile_1.0.31-2+deb11u2.debian.tar.xz 511e72de295ad4651f0021b38ced975f6a6aaeb906aa825aa341b38c61428eb4 6008 libsndfile_1.0.31-2+deb11u2_source.buildinfo Files: ed492e7a5ef02207485175c58e394bde 2328 devel optional libsndfile_1.0.31-2+deb11u2.dsc b43ae73daf35b7b2dd0edd973a31e8fb 662584 devel optional libsndfile_1.0.31.orig.tar.gz 65d43d76e3d618471a71dce578724a61 17884 devel optional libsndfile_1.0.31-2+deb11u2.debian.tar.xz 3cd2394dfea1e554318ecd712b242e59 6008 devel optional libsndfile_1.0.31-2+deb11u2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmk56AwACgkQADoaLapB CF/XhA//aGaD1y029FrxgcNpWOBkXGYaCEkP//Yu+gWS5Fa/FeGTmNGThyESD9y6 PcfccyzprFHoEhZZghRkhKJ5JTyXiAF5JleEshnmRuOwx6f1CkqEMvicYELPtZXy itu5jGuKdwWO2yConkSO5aCx78owaOL9Q/9tnX5Nd0/auDbTiYuQGw5Hkn0sGo7E IuiyMaBKkgA63fz3lmrvME0HeH2XM4IHpPmmXM0QQzXthfL80SN9oGkAwN63VLKd CbRKcww3WvOU2lIJ9dO5mtjLNK70iyePkfH+80lzZapabO594YU4ggKC5E8p5sJH c1QoOfRxEBxcWCGKmh3dR20R41V+kpFZ4S4YXO25WkyuRcPBbmRAYvQlUFeLSQFD X9p2a6YC2Udq7bXX2c1And5HfwDDAIgoayrTohjQVqDNi/mNqOjbNjSJpjZItzZV xtt04UVD+0npqsWHNF1w+RkzgF+KXfY8Y+yRkdF+q+XXz8dNx9rx/nzcry8TYYcr Oc2QVmQBB2vC/6TI2Ym7zzsnh5O/a+TaEEpkdZk/2/7F75F7UEbPtx+HumJHeiDE wnKszSx8HWswO/lmh0nix7kFdYyi+W9w8ufJ/mosaIPCyhkQI/uzKJ+kJ0d+FfV4 gkPaSpBlWGlas0gAXrvanrBDYLesxIDR3RN9o8n4WwD/dPzRrWg= =FFhF -----END PGP SIGNATURE-----
